IT Audit and Assurance Guidelines |
Effective Date |
| G1 |
Using the Work of Other Experts |
1 March 2008 |
| G2 |
Audit Evidence Requirement |
1 May 2008 |
| G3 |
Use of Computer Assisted Audit Techniques (CAATs) |
1 March 2008 |
| G4 |
Outsourcing of IS Activities to Other Organisations |
1 May 2008 |
| G5 |
Audit Charter |
1 February 2008 |
| G6 |
Materiality Concepts for Auditing Information Systems |
1 May 2008 |
| G7 |
Due Professional Care |
1 March 2008 |
| G8 |
Audit Documentation |
1 March 2008 |
| G9 |
Audit Considerations for Irregularities and Illegal Acts |
1 September 2008 |
| G10 |
Audit Sampling |
1 August 2008 |
| G11 |
Effect of Pervasive IS Controls |
1 August 2008 |
| G12 |
Organisational Relationship and Independence |
1 August 2008 |
| G13 |
Use of Risk Assessment in Audit Planning |
1 August 2008 |
| G14 |
Application Systems Review
See Generic Applications Audit/Assurance Program |
Withdrawn 14 January 2013 |
| G15 |
Audit Planning |
1 May 2010 |
| G16 |
Effect of Third Parties on an Enterprise’s IT Controls
See Outsourced IT Environments Audit/Assurance Program
Note: An updated program is scheduled to be issued in January |
Withdrawn 14 January 2013 |
| G17 |
Effect of Nonaudit Role on the IT Audit and Assurance Professional’s Independence |
1 May 2010 |
| G18 |
IT Governance |
Withdrawn 14 January 2013 |
| G19 |
Irregularities and Illegal Acts |
Withdrawn 1 September 2008 |
| G20 |
Reporting |
16 September 2010 |
| G21 |
Enterprise Resource Planning (ERP) Systems Review
See Security, Audit and Control Features SAP ERP, 3rd Edition Audit Programs and ICQs |
Withdrawn 14 January 2013 |
| G22 |
Business-to-consumer (B2C) E-commerce Review
See E-commerce and PKI Audit/Assurance Program |
Withdrawn 14 January 2013 |
| G23 |
System Development Life Cycle (SDLC) Review Reviews
See Systems Development and Project Management Audit/Assurance Program |
Withdrawn 14 January 2013 |
| G24 |
Internet Banking |
Withdrawn 14 January 2013 |
| G25 |
Review of Virtual Private Networks
See VPN Security Audit/Assurance Program |
Withdrawn 14 January 2013 |
| G26 |
Business Process Reengineering (BPR) Project Reviews |
Withdrawn 14 January 2013 |
| G27 |
Mobile Computing
See Mobile Computing Security Audit/Assurance Program |
Withdrawn 14 January 2013 |
| G28 |
Computer Forensics |
Withdrawn 14 January 2013 |
| G29 |
Post-implementation Review
See Systems Development and Project Management Audit/Assurance Program |
Withdrawn 14 January 2013 |
| G30 |
Competence |
1 June 2005 |
| G31 |
Privacy
Note: Personally Identifiable Information Audit/Assurance Program scheduled to be issued in January |
Withdrawn 14 January 2013 |
| G32 |
Business Continuity Plan (BCP) Review from IT Perspective
See Business Continuity Management Audit/Assurance Program |
Withdrawn 14 January 2013 |
| G33 |
General Considerations on the Use of the Internet
See E-commerce and PKI Audit/Assurance Program |
Withdrawn 14 January 2013 |
| G34 |
Responsibility, Authority and Accountability |
1 March 2006 |
| G35 |
Follow-up Activities |
1 March 2006 |
| G36 |
Biometric Controls
See Biometrics Audit/Assurance Program |
Withdrawn 14 January 2013 |
| G37 |
Configuration Management Process |
Withdrawn 14 January 2013 |
| G38 |
Access Controls
See Identity Management Audit/Assurance Program
Note: An updated version is scheduled to be issued in February |
Withdrawn 14 January 2013 |
| G39 |
IT Organisation |
Withdrawn 14 January 2013 |
| G40 |
Review of Security Management Practices
See Security Incident Management Audit/Assurance Program |
Withdrawn 14 January 2013 |
| G41 |
Return on Security Investment (ROSI) |
Withdrawn 14 January 2013 |
| G42 |
Continuous Assurance |
1 May 2010 |